Vulnerability-Lookup

CVE-2017-6674 (GCVE-0-2017-6674)

Vulnerability from cvelistv5 – Published: 2017-06-13 06:00 – Updated: 2024-08-05 15:33

Summary

Severity ?

No CVSS data available.

CWE

URL Filtering Bypass Vulnerability

Assigner

cisco

References

URL

	Vendor	Product	Version
	n/a	Cisco Firepower System Software	Affected: Cisco Firepower System Software

GSD-2017-6674

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-6674

Aliases

CVE-2017-6674

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6674",
    "description": "A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2.",
    "id": "GSD-2017-6674"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6674"
      ],
      "details": "A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2.",
      "id": "GSD-2017-6674",
      "modified": "2023-12-13T01:21:10.177772Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2017-6674",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Firepower System Software",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco Firepower System Software"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "URL Filtering Bypass Vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "98654",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/98654"
          },
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system:6.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system:6.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system:6.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:firesight_system:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6674"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc"
            },
            {
              "name": "98654",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/98654"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-06-20T14:54Z",
      "publishedDate": "2017-06-13T06:29Z"
    }
  }
}

GHSA-X82J-C66Q-2VHM

Vulnerability from github – Published: 2022-05-17 02:40 – Updated: 2022-05-17 02:40

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6674"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-13T06:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2.",
  "id": "GHSA-x82j-c66q-2vhm",
  "modified": "2022-05-17T02:40:38Z",
  "published": "2022-05-17T02:40:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6674"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98654"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2017-6674

Vulnerability from fkie_nvd - Published: 2017-06-13 06:29 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/98654	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98654	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc	Mitigation, Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	firesight_system	6.0.1
cisco	firesight_system	6.1.0
cisco	firesight_system	6.2.0
cisco	firesight_system	6.2.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDBF4E81-9679-480C-8DF8-5F6AEA96943B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C0DE8D-EE79-4B22-8880-8D4631858C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system:6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "389120A8-415E-4BBB-AFB6-C1283A7BD13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firesight_system:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "75531FCE-08FA-44F9-9E0F-574A3EB1A10E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funcionalidad de administraci\u00f3n de licencias de Cisco Firepower System Software podr\u00eda permitir a un atacante remoto no autenticado omitir los filtros de URL que se hayan configurado para un dispositivo afectado. M\u00e1s informaci\u00f3n: CSCvb16413. Versiones afectadas conocidas: 6.0.1, 6.1.0, 6.2.0 y 6.2.1. Versiones solucionadas conocidas: 6.2.1, 6.2.0.1 y 6.1.0.2."
    }
  ],
  "id": "CVE-2017-6674",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-13T06:29:01.160",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98654"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98654"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-09795

Vulnerability from cnvd - Published: 2017-06-15

Title

Cisco Firepower System Software远程安全绕过漏洞

Description

Cisco Firepower System Software是美国思科（Cisco）公司的一款下一代防火墙产品（NGFW）。 Cisco Firepower System Software中的feature-license管理功能存在安全漏洞，该漏洞源于URL过滤许可证可以被禁用。远程攻击者可通过发送流量利用该漏洞绕过URL过滤器。

Severity

中

Patch Name

Cisco Firepower System Software远程安全绕过漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc

Reference

http://www.securityfocus.com/bid/98654

Impacted products

Name
['Cisco FirePOWER Management Center 6.0.1', 'Cisco FirePOWER Management Center 6.2.1', 'Cisco FirePOWER Management Center 6.1', 'Cisco FirePOWER Management Center 6.2']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "98654"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6674"
    }
  },
  "description": "Cisco Firepower System Software\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e0b\u4e00\u4ee3\u9632\u706b\u5899\u4ea7\u54c1\uff08NGFW\uff09\u3002\r\n\r\nCisco Firepower System Software\u4e2d\u7684feature-license\u7ba1\u7406\u529f\u80fd\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eURL\u8fc7\u6ee4\u8bb8\u53ef\u8bc1\u53ef\u4ee5\u88ab\u7981\u7528\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u6d41\u91cf\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7URL\u8fc7\u6ee4\u5668\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-09795",
  "openTime": "2017-06-15",
  "patchDescription": "Cisco Firepower System Software\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e0b\u4e00\u4ee3\u9632\u706b\u5899\u4ea7\u54c1\uff08NGFW\uff09\u3002\r\n\r\nCisco Firepower System Software\u4e2d\u7684feature-license\u7ba1\u7406\u529f\u80fd\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eURL\u8fc7\u6ee4\u8bb8\u53ef\u8bc1\u53ef\u4ee5\u88ab\u7981\u7528\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u6d41\u91cf\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7URL\u8fc7\u6ee4\u5668\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Firepower System Software\u8fdc\u7a0b\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco FirePOWER Management Center  6.0.1",
      "Cisco FirePOWER Management Center 6.2.1",
      "Cisco FirePOWER Management Center 6.1",
      "Cisco FirePOWER Management Center  6.2"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/98654",
  "serverity": "\u4e2d",
  "submitTime": "2017-05-27",
  "title": "Cisco Firepower System Software\u8fdc\u7a0b\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

VAR-201706-0556

Vulnerability from variot - Updated: 2025-04-20 23:23

A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCvb16413. The vulnerability stems from the fact that URL filtering licenses can be disabled

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0556",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "firesight system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.1.0"
      },
      {
        "model": "firesight system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.2.0"
      },
      {
        "model": "firesight system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.2.1"
      },
      {
        "model": "firesight system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.0.1"
      },
      {
        "model": "firesight system software",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.0.1"
      },
      {
        "model": "firepower management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.2.1"
      },
      {
        "model": "firepower appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83606.2.1"
      },
      {
        "model": "firepower appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83606.2"
      },
      {
        "model": "firepower appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83606.1"
      },
      {
        "model": "firepower appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83606.0.1"
      },
      {
        "model": "firepower appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "82606.2.1"
      },
      {
        "model": "firepower appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "82606.2"
      },
      {
        "model": "firepower appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "82606.1"
      },
      {
        "model": "firepower appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "82606.0.1"
      },
      {
        "model": "firepower appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "81406.2.1"
      },
      {
        "model": "firepower appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "81406.2"
      },
      {
        "model": "firepower appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "81406.1"
      },
      {
        "model": "firepower appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "81406.0.1"
      },
      {
        "model": "firepower appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "81206.2.1"
      },
      {
        "model": "firepower appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "81206.2"
      },
      {
        "model": "firepower appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "81206.1"
      },
      {
        "model": "firepower appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "81206.0.1"
      },
      {
        "model": "firepower appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70506.2.1"
      },
      {
        "model": "firepower appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70506.2"
      },
      {
        "model": "firepower appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70506.1"
      },
      {
        "model": "firepower appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70506.0.1"
      },
      {
        "model": "amp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "81506.2.1"
      },
      {
        "model": "amp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "81506.2"
      },
      {
        "model": "amp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "81506.1"
      },
      {
        "model": "amp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "81506.0.1"
      },
      {
        "model": "amp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "71506.2.1"
      },
      {
        "model": "amp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "71506.2"
      },
      {
        "model": "amp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "71506.1"
      },
      {
        "model": "amp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "71506.0.1"
      },
      {
        "model": "firepower management center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.1.0.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "98654"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004812"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1279"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6674"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:firesight_system_software",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004812"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco.",
    "sources": [
      {
        "db": "BID",
        "id": "98654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1279"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-6674",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-6674",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-114877",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-6674",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-6674",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-6674",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201705-1279",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114877",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114877"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004812"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1279"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6674"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2. \nAn attacker can exploit this issue to bypass security restrictions and  perform unauthorized actions. This may aid in further attacks. \nThis issue is tracked by Cisco Bug ID  CSCvb16413. The vulnerability stems from the fact that URL filtering licenses can be disabled",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6674"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004812"
      },
      {
        "db": "BID",
        "id": "98654"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114877"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6674",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "98654",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004812",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1279",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-114877",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114877"
      },
      {
        "db": "BID",
        "id": "98654"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004812"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1279"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6674"
      }
    ]
  },
  "id": "VAR-201706-0556",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114877"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-20T23:23:44.789000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20170524-fmc",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc"
      },
      {
        "title": "Cisco Firepower System Software Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70594"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004812"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1279"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114877"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004812"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6674"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170524-fmc"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/98654"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6674"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6674"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114877"
      },
      {
        "db": "BID",
        "id": "98654"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004812"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1279"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6674"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-114877"
      },
      {
        "db": "BID",
        "id": "98654"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004812"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1279"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6674"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114877"
      },
      {
        "date": "2017-05-24T00:00:00",
        "db": "BID",
        "id": "98654"
      },
      {
        "date": "2017-07-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004812"
      },
      {
        "date": "2017-05-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-1279"
      },
      {
        "date": "2017-06-13T06:29:01.160000",
        "db": "NVD",
        "id": "CVE-2017-6674"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114877"
      },
      {
        "date": "2017-05-24T00:00:00",
        "db": "BID",
        "id": "98654"
      },
      {
        "date": "2017-07-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004812"
      },
      {
        "date": "2017-05-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-1279"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-6674"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1279"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco FirePOWER System software  feature-license Set on the device in the management function  URL Vulnerabilities that bypass the filter",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004812"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1279"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-6674 (GCVE-0-2017-6674)

GSD-2017-6674

GHSA-X82J-C66Q-2VHM

FKIE_CVE-2017-6674

CNVD-2017-09795

VAR-201706-0556

Tags

Sightings

Nomenclature